
ISO/IEC 27001 Information Security Management

1st November 2011

This Standard was last updated in 2005, along with the Code of Practice ISO/IEC 27002, and is currently being reviewed and updated by JTC1/SC27, the ISO/IEC Committee responsible for these Standards.

The planned publication is sometime in 2012, although it had previously been mooted as 2011.

Readers of this blog may remember that ISO 19011 (Quality/Environmental Auditing Standard Update) was to have been published in June 2011; however, the final draft for public comment was so badly received that the proposed Standard was withdrawn in total and sent back to the ‘drawing board’.

The 27001/27002 Standards have reached final committee stage, which is usually the precursor to a final draft for public comment. There have been few details about the update but here are the ones that have been discussed:

  • No major changes to the Standard are envisaged as it is essential that full backwards compatibility is maintained.
  • All management Standards are adopting a common structure and terminology. It is reasonable to assume that the Information Security Standards will follow this trend.
  • The part that has raised some eyebrows across the world concerns the Statement of Applicability, which may be dropped from the 2012 Standard. If this is the case then something will have to be put in its place, otherwise organisations would be able to claim conformity to ISO 27001 without meeting all aspects of it. The Statement of Applicability has up to now detailed the extent to which the organisation has achieved compliance. It could be that the level of compliance will have to be stated within the ‘Scope’ instead.
  • Most of the Management Standards use the PDCA model (Plan-Do-Check-Act) as a tool to achieve continual improvement. It has been suggested that the PDCA should not be explicitly detailed in the updated ISMS Standards, a move that has not been universally welcomed.

We will have to see which, if any, of these elements will see the light of day and, of course, when.

It is always useful to keep up to date with developments and for that reason I have posted these details.

The official blog for independent Management Training
Consultancy, Quality Matters Limited.
